Tuesday, February 27, 2007

RunLegacyCPLElevated.exe

Some excellent detective work by Symantec's Ollie Whitehouse has uncovered a way that hackers can force Vista's User Account Control (UAC) to show an untrusted application as "trusted".

He has shown that a program core to the Vista legacy software support system - RunLegacyCPLElevated.exe - can be manipulated to display, within the UAC prompt, the "trusted" color normally associated with a digitally-signed program - even when that program is clearly malware.

This is yet another reason why Microsoft should consider certifying Authentium's VirtualATM technology for Vista 64 bit. The only approach to solving the problem of trust is to "create trust" in a very focused and enforceable way within an essentially non-trustworthy environment, and protect all links in the chain.

I haven't got time to blog about the specifics of Symantec's discovery now - but eWeek continues its excellent reporting on all things security and Vista-related with an article by Lisa Vaas on this vulnerability.
